Operation Steps to Build an FTP Site Using the Windows Instance

1. Add IIS roles and features.

2. Create FTP Service username and password.

3. Set shared file permissions.

4. Configure the FTP site.

5. Configure the FTP firewall.

6. Configure security group rules and firewall policies.

7. Perform a connection test on the client.

Example Environment

Instance type: s3.large.2 | 2-core | 4G general purpose cloud server

Region: Shanxi

System disk: 40GB

Operating system: Windows 2012 Standard R2 64-bit Chinese version

Elastic IP bandwidth: 1Mbps

Procedure

1. Add IIS roles and features.
a. Log in to the Elastic Cloud Server.
b. Select Start > Server Manager.
c. Click Add Roles and Features.
d. In the Before You Begin dialog box that pops up, click Next.
e. Select Role-based or Feature-based Installation, click Next.

f. Select the server on which you want to deploy FTP and click Next.

g. Select Web Server (IIS) and click Add Features in the pop-up dialog box, then click Next.

h. Click Next until enter the Role Services page.
i. Select FTP Server and IIS Management Console, and click Next.

j. Click Install to start deploying the service role.
k. When the installation is complete, click Close.

①　Add IIS roles and features.

②　Add IIS roles and features.

③　Add IIS roles and features.

④　Add IIS roles and features.

2. Create FTP Service username and password.

a. In Server Manager, select Dashboard > Tools > Computer Management.

b. elect System Tools > Local Users and Groups > Users, right-click in the space on the right, and select New User.

c. Set the username and password, for example, "ftp".

3. Set shared file permissions.

You need to set access and modification permissions for folders shared with users on the FTP site.

a. Create a folder on the server for FTP, select the folder, and right-click and select Properties. []()[]() For example, the "share" folder.

b. On the Security tab, select Everyone and click Edit. If there is no "Everyone" user to choose directly, you need to add it first.

c. Select Everyone, then select the permissions for Everyone as needed, and click OK. Here we take Allow All Permissions as an example.

4. Configure the FTP site.

a. In Server Manager, select Dashboard > Tools > Internet Information Services (IIS) Manager.

b. Select Website and right-click, then select Add FTP Site.

c. In the pop-up window, fill in the FTP site name and the physical path of the shared folder, and then click Next. The site name here is "ftp" for example.

d. Enter the public IP address and port number of the ECS, set SSL, and click Next.

l The default port number is 21, which can also be set by yourself.

l SSL can be set as needed.

None: No SSL encryption required.

Allow: Allows non-SSL and SSL connections between the FTP server and the client.

Required: SSL encryption is required for communication between the FTP server and the client.

e.  Set the authentication and authorization information, and click Finish.

l Authentication

v Anonymous: Allow any user who only provides the username anonymous or ftp to access the content.

v Basic: Users are required to provide a valid username and password to access the content. However, basic authentication does not encrypt the password when it is transmitted over the network, so it is recommended that you use this authentication method when confirming the security of the network connection between the client and the FTP server.

l Authorize

v Allow access

n  All users: The content is accessible to all users.

n Anonymous users: Anonymous users can access the content.

n Specify roles or user groups: Only members of specified roles or user groups can access the content. If you select this option, you need to enter the specified role or user group in the input box below.

n Designated users: Only designated users can access the content. If you select this option, you need to enter the specified user in the input box below.

v Permissions: Select the Read and Write permissions for authorized users.

f. Bind the public IP address of the ECS.

Select Website, select the FTP site you created, and click Bind. Click Add in the pop-up Website Binding, then add the private IP address of the ECS in the pop-up window, and click OK.

5. Configure FTP firewall support.

l If you need to use the passive mode of the FTP server, you need to configure FTP firewall support.

l If the server on eSurfing Cloud needs to access the FTP server built by the instance on eSurfing Cloud through the public IP address, you need to configure the passive mode of FTP server.

v Double-click FTP Firewall Support to open the configuration page for FTP firewall support.

v Configure relevant parameters, data channel port range: Specifies the port range used for passive connections. The valid port range that can be specified is 1025-65535. Please set up according to the actual needs, configure 5000-6000 here. External IP address of the firewall: Enter the public IP address of the ECS.

v Restart the cloud server to make the firewall configuration take effect.

6. Configure security group rules and firewall policies.

After the FTP site is set up, you need to add a rule to release the FTP port in the inbound direction of the ECS security group. If FTP Firewall Support is configured, you need to release both the port used by FTP site and the data channel port used by FTP firewall in the security group.

The server firewall defaults to releasing TCP port 21 for FTP services. If you choose another port, you need to add an inbound rule in the firewall that releases this port.

7. Perform a connection test on the client.

Open the client computer and enter "ftp://FTP server IP address:FTP port" in the path bar (if the port is not filled in, port 21 will be accessed by default). The dialog box for entering the user name and password is displayed, indicating that the configuration is successful. After you enter the correct user name and password, you can perform corresponding operations on the FTP file. Create a work item .txt file in the share folder, which can be viewed and downloaded locally by accessing the shared folder.